Analysis
max time kernel: 145s
max time network: 146s
platform: windows10-2004_x64
resource: win10v2004-20240611-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240611-en, locale:en-us, os:windows10-2004-x64, system
submitted: 14/06/2024, 01:03
Static task: static1
Behavioral task: behavioral1
  Sample: a772a20941730fecc65ba395557429fe_JaffaCakes118.html
  Resource: win7-20240221-en
Behavioral task: behavioral2
  Sample: a772a20941730fecc65ba395557429fe_JaffaCakes118.html
  Resource: win10v2004-20240611-en
General
Target: a772a20941730fecc65ba395557429fe_JaffaCakes118.html
Size: 4KB
MD5: a772a20941730fecc65ba395557429fe
SHA1: 6afffc70bd4cf777b624173e6e93016a44a7c29a
SHA256: af5cb17ad32c8929086e8db345eb1579037fe6956b8a29653b8842ce6328d74d
SHA512: 1d38ee4b38c849bdcf7e7c97262cae67892b359e64015122b8d91b5bad022c09b8bd2d8da6268e3878488756e109690406542f9c290842547c9303fccb7540a5
SSDEEP: 96:Pk7yJozTGknaEFHVKDZTBJl7sNjtXATIQFMA5e3fhrvDJUgwa71D5iJ8ohBqw6cM:Pk7yY1aEFHVKtF37sNjtXATIQFM93pDV
Malware Config
Signatures

Enumerates system info in registry (2 TTPs, 3 IoCs)
  description         ioc                                                                      Process
  Key opened          \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS                       msedge.exe
  Key value queried   \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer    msedge.exe
  Key value queried   \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName     msedge.exe

Suspicious behavior: EnumeratesProcesses (10 IoCs)
  pid    Process
  412    msedge.exe            (2 entries)
  1836   msedge.exe            (2 entries)
  3584   identity_helper.exe   (2 entries)
  4836   msedge.exe            (4 entries)

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (6 IoCs)
  pid    Process
  1836   msedge.exe            (6 entries)

Suspicious use of FindShellTrayWindow (25 IoCs)
  pid    Process
  1836   msedge.exe            (25 entries)

Suspicious use of SendNotifyMessage (24 IoCs)
  pid    Process
  1836   msedge.exe            (24 entries)

Suspicious use of WriteProcessMemory (64 IoCs)
  description                        pid    Process      procid_target
  PID 1836 wrote to memory of 4760   1836   msedge.exe   81
  PID 1836 wrote to memory of 4612   1836   msedge.exe   83
  PID 1836 wrote to memory of 412    1836   msedge.exe   84
  PID 1836 wrote to memory of 1692   1836   msedge.exe   85
  (the 64 entries are repeats of these four rows; every write originates from PID 1836)
Processes
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\a772a20941730fecc65ba395557429fe_JaffaCakes118.html
  PID: 1836
  - Enumerates system info in registry
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory
  Child processes of PID 1836:
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffe703646f8,0x7ffe70364708,0x7ffe70364718
    PID: 4760
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1964,10505033589294924794,1834209110148644607,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1916 /prefetch:2
    PID: 4612
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1964,10505033589294924794,1834209110148644607,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2512 /prefetch:3
    PID: 412
    - Suspicious behavior: EnumeratesProcesses
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1964,10505033589294924794,1834209110148644607,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2872 /prefetch:8
    PID: 1692
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1964,10505033589294924794,1834209110148644607,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3184 /prefetch:1
    PID: 3624
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1964,10505033589294924794,1834209110148644607,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3196 /prefetch:1
    PID: 100
  - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1964,10505033589294924794,1834209110148644607,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4700 /prefetch:8
    PID: 3536
  - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1964,10505033589294924794,1834209110148644607,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4700 /prefetch:8
    PID: 3584
    - Suspicious behavior: EnumeratesProcesses
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1964,10505033589294924794,1834209110148644607,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5068 /prefetch:1
    PID: 60
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1964,10505033589294924794,1834209110148644607,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5084 /prefetch:1
    PID: 2292
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1964,10505033589294924794,1834209110148644607,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5504 /prefetch:1
    PID: 2728
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1964,10505033589294924794,1834209110148644607,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5576 /prefetch:1
    PID: 4996
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1964,10505033589294924794,1834209110148644607,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1940 /prefetch:2
    PID: 4836
    - Suspicious behavior: EnumeratesProcesses
- C:\Windows\System32\CompPkgSrv.exe
  C:\Windows\System32\CompPkgSrv.exe -Embedding
  PID: 3616
- C:\Windows\System32\CompPkgSrv.exe
  C:\Windows\System32\CompPkgSrv.exe -Embedding
  PID: 4956
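Every signature in this report is raised on msedge.exe itself, and every WriteProcessMemory target (4760, 4612, 412, 1692) is a child that PID 1836 launched with a Chromium --type= flag. A Chromium-based browser's broker process writes into the children it spawns to hand over sandbox policy and startup data, and it launches sandboxed children with the "block non-Microsoft binaries" process-creation mitigation (the NtCreateUserProcessBlockNonMicrosoftBinary signature), so on its own this tree is what opening any .html file in Edge looks like; the export lists nothing under Network and no payload beyond browser profile files. The check below is an added example, not part of the Triage report and not Edge or Chromium code: it encodes the process tree and the collapsed WriteProcessMemory pairs from the page as data (transcribed by hand, command lines shortened to the flags that matter) and labels each write as expected broker-to-child bootstrap or as something an analyst must look at. One event, an Edge broker writing into CompPkgSrv.exe (PID 3616), is constructed and hypothetical, not in the report, to exercise the injection-shaped branch.

```python
"""Process-tree check for the WriteProcessMemory signature in a Triage report.

Added example: not part of the Triage report above and not Edge's or Chromium's
code. Process tree and WriteProcessMemory pairs are transcribed from the report;
HYPOTHETICAL_INJECTION is constructed and does not appear in the report.
"""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

EDGE_APP_DIR = r"C:\Program Files (x86)\Microsoft\Edge\Application"


@dataclass(frozen=True)
class Proc:
    pid: int
    ppid: Optional[int]   # None for depth-1 entries (no parent recorded in the report)
    image: str
    cmdline: str          # arguments only, shortened to the flags this check reads

    @property
    def chromium_type(self) -> Optional[str]:
        """Value of --type=..., which every Chromium child process carries."""
        m = re.search(r"--type=([\w-]+)", self.cmdline)
        return m.group(1) if m else None


# Transcribed from the "Processes" section (depth 2 == child of PID 1836).
PROCS: List[Proc] = [
    Proc(1836, None, EDGE_APP_DIR + r"\msedge.exe",
         "--single-argument C:\\Users\\Admin\\AppData\\Local\\Temp\\a772a20941730fecc65ba395557429fe_JaffaCakes118.html"),
    Proc(4760, 1836, EDGE_APP_DIR + r"\msedge.exe", "--type=crashpad-handler"),
    Proc(4612, 1836, EDGE_APP_DIR + r"\msedge.exe", "--type=gpu-process"),
    Proc(412,  1836, EDGE_APP_DIR + r"\msedge.exe",
         "--type=utility --utility-sub-type=network.mojom.NetworkService --service-sandbox-type=none"),
    Proc(1692, 1836, EDGE_APP_DIR + r"\msedge.exe",
         "--type=utility --utility-sub-type=storage.mojom.StorageService --service-sandbox-type=utility"),
    Proc(3624, 1836, EDGE_APP_DIR + r"\msedge.exe", "--type=renderer --renderer-client-id=6"),
    Proc(100,  1836, EDGE_APP_DIR + r"\msedge.exe", "--type=renderer --renderer-client-id=5"),
    Proc(3536, 1836, EDGE_APP_DIR + r"\92.0.902.67\identity_helper.exe",
         "--type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --service-sandbox-type=none"),
    Proc(3584, 1836, EDGE_APP_DIR + r"\92.0.902.67\identity_helper.exe",
         "--type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --service-sandbox-type=none"),
    Proc(60,   1836, EDGE_APP_DIR + r"\msedge.exe", "--type=renderer --renderer-client-id=8"),
    Proc(2292, 1836, EDGE_APP_DIR + r"\msedge.exe", "--type=renderer --instant-process --renderer-client-id=9"),
    Proc(2728, 1836, EDGE_APP_DIR + r"\msedge.exe", "--type=renderer --renderer-client-id=10"),
    Proc(4996, 1836, EDGE_APP_DIR + r"\msedge.exe", "--type=renderer --instant-process --renderer-client-id=11"),
    Proc(4836, 1836, EDGE_APP_DIR + r"\msedge.exe", "--type=gpu-process --disable-gpu-sandbox --use-gl=disabled"),
    Proc(3616, None, r"C:\Windows\System32\CompPkgSrv.exe", "-Embedding"),
    Proc(4956, None, r"C:\Windows\System32\CompPkgSrv.exe", "-Embedding"),
]
PROCS_BY_PID: Dict[int, Proc] = {p.pid: p for p in PROCS}

# The 64 WriteProcessMemory IoCs in the report collapse to these (writer, target) pairs.
WPM_EVENTS: List[Tuple[int, int]] = [(1836, 4760), (1836, 4612), (1836, 412), (1836, 1692)]

# Constructed, hypothetical, NOT in the report: the Edge broker writing into a COM
# server it did not spawn, which is the shape a real cross-process injection has.
HYPOTHETICAL_INJECTION: Tuple[int, int] = (1836, 3616)


def classify_write(writer: int, target: int, procs: Dict[int, Proc] = PROCS_BY_PID) -> str:
    """Label one WriteProcessMemory event.

    A Chromium browser process writes into the children it launches (sandbox policy
    and startup data), so writer == parent and a child carrying --type= under the
    Edge install directory is expected. Everything else gets a label a human reviews.
    """
    w, t = procs.get(writer), procs.get(target)
    if w is None or t is None:
        return "unknown-process"
    if t.ppid != writer:
        return "cross-tree"               # target is not a child of the writer
    if not t.image.startswith(EDGE_APP_DIR):
        return "child-foreign-image"      # spawned by Edge, but not an Edge binary
    if t.chromium_type is None:
        return "child-without-type"       # Edge binary launched without --type=
    return "expected-chromium-child"


def triage_writes(events: List[Tuple[int, int]]) -> Dict[Tuple[int, int], str]:
    """Map every (writer, target) pair to its label."""
    return {ev: classify_write(*ev) for ev in events}


def needs_review(events: List[Tuple[int, int]]) -> List[Tuple[int, int]]:
    """Events an analyst should look at; empty for the pairs in this report."""
    return [ev for ev, label in triage_writes(events).items()
            if label != "expected-chromium-child"]


if __name__ == "__main__":
    for ev, label in triage_writes(WPM_EVENTS + [HYPOTHETICAL_INJECTION]).items():
        print(f"{ev[0]} -> {ev[1]}: {label}")
```

Running it labels all four pairs from the report as expected-chromium-child and the constructed 1836 -> 3616 event as cross-tree. The parent check is the one that carries weight: the sandbox-type and --type= flags are attacker-controllable command-line strings, and the image-path test only shows that the spawned binary lives under the Edge directory, not that it is the signed Edge binary, so on a live host you would confirm the signature of the child image before trusting that label.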
Network
MITRE ATT&CK Enterprise v15
Downloads
- Filesize: 152B
  MD5: 81e892ca5c5683efdf9135fe0f2adb15
  SHA1: 39159b30226d98a465ece1da28dc87088b20ecad
  SHA256: 830f394548cff6eed3608476190a7ee7d65fe651adc638c5b27ce58639a91e17
  SHA512: c943f4cfe8615ac159cfac13c10b67e6c0c9093851dd3ac6dda3b82e195d3554e3c37962010a2d0ae5074828d376402624f0dda5499c9997e962e4cfd26444c0
- Filesize: 152B
  MD5: 56067634f68231081c4bd5bdbfcc202f
  SHA1: 5582776da6ffc75bb0973840fc3d15598bc09eb1
  SHA256: 8c08b0cbceb301c8f960aa674c6e7f6dbf40b4a1c2684e6fb0456ec5ff0e56b4
  SHA512: c4657393e0b9ec682570d7e251644a858d33e056ccd0f3eebffd0fde25244b3a699b8d9244bcdac00d6f74b49833629b270e099c2b557f729a9066922583f784
- Filesize: 292B
  MD5: c85e340f6011a93e0aa3c9647b47bad0
  SHA1: bf0e2267ba8b9a55b09e46370dcfda4fad5367f2
  SHA256: 4f5d38b6f673589ac06c909536faf26691c714ebeee61479aacde326f5ffe142
  SHA512: 8caf2797804f45c6d07f8aa365e61d514a8b6f69ac62746489d34ab65e7acacbe836b0547e94dcd9a80f86a2bf9c820e0727909279d38a54b1fe067eb9558171
- Filesize: 6KB
  MD5: e6481352320f54c5cf61f09101398a99
  SHA1: 3084306188b2fa55faa73cbf301219c0ecdbc8dd
  SHA256: 569a966268ca2f0f257781bc51e0a26feddd8380bd18fe139a3d7ef55fd55bef
  SHA512: aeaa709d95b2c4e5148273634f0e75c4be558bf59e3ec102255c7827873d5e1efd44fcf29d7fd4fe30c16c26eb6ef4ea2853ad51c133d36f335fecb021cf7fb5
- Filesize: 6KB
  MD5: ab610a59d579b9ca24931121ec5b5d05
  SHA1: d92c7f9587fa7c3e0f5e072cc254aca895e2e3d0
  SHA256: 0a66d3a9ed073ee79017f882391b70f547636198590bb1d1e3b2f3b8597f2682
  SHA512: 7befa16a9a770367792a4e9de03e5a373141e3344ad8ebe4a78738f06e2d1e80ff2d0c7ffeea37a6d644d9ba1ec11c20bdafbb4ac2fcb592e65b7362501de3b2
- Filesize: 6KB
  MD5: 9b3f485aaf1e33613af101096750c0ea
  SHA1: 0d4a10789b6e112d3a01e8eb64e6491352ee052a
  SHA256: 5d5562e007becad122816ddd1c7939075ed21106c4c6bb42f26fa9de5d3d6028
  SHA512: 897ae8572527abfbcd0eb2b7906d620613f6c3f9d56eccb55f2c625abe4c109a09b13c73420e450a3fb2df9cbe223e1e29fb56ff08de875d31e2c091a6e2e346
- Filesize: 16B
  MD5: 6752a1d65b201c13b62ea44016eb221f
  SHA1: 58ecf154d01a62233ed7fb494ace3c3d4ffce08b
  SHA256: 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
  SHA512: 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389
- Filesize: 8KB
  MD5: eb162c6fce53845863422bfbcabc529e
  SHA1: 85d7efbd34f3a4d6656e5cf10e4b66e85877d58e
  SHA256: e1b22ab9fc22df834dc900eb6439db36fc3300be8037da39a50c656e96821f94
  SHA512: 3ffd2b4228332840113994936d986111d5fed1eb50cbd882784d49983c6e37de7c0087994566bf42fd2e387c4d5b56fdfba15cf4f7e93f31258b207b8e68076f